Re: git: b4f09ace0fb2 - main - security/vuxml: Fix range for OpenSSH vuln.
- In reply to: Bryan Drewery : "git: b4f09ace0fb2 - main - security/vuxml: Fix range for OpenSSH vuln."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 02 Jul 2024 16:44:58 UTC
On 7/2/24 09:13, Bryan Drewery wrote: > The branch main has been updated by bdrewery: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=b4f09ace0fb2a43504a5d63501ddf3503a67da76 > > commit b4f09ace0fb2a43504a5d63501ddf3503a67da76 > Author: Bryan Drewery <bdrewery@FreeBSD.org> > AuthorDate: 2024-07-02 16:13:40 +0000 > Commit: Bryan Drewery <bdrewery@FreeBSD.org> > CommitDate: 2024-07-02 16:13:51 +0000 > > security/vuxml: Fix range for OpenSSH vuln. > > Security: f1a00122-3797-11ef-b611-84a93843eb75 > --- > security/vuxml/vuln/2024.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml > index cb0b4fc0ffb3..373d4938fd97 100644 > --- a/security/vuxml/vuln/2024.xml > +++ b/security/vuxml/vuln/2024.xml > @@ -73,7 +73,7 @@ > <affects> > <package> > <name>openssh-portable</name> > - <range><lt>9.7_1,1</lt></range> > + <range><lt>9.7_2,1</lt></range> > </package> > </affects> > <description> I believe this is still wrong, it should be 9.7.p1_2,1 (my systems still report as vulnerable after updating). Craig fun 52 # pkg info | fgrep openssh openssh-portable-9.7.p1_2,1 The portable version of OpenBSD's OpenSSH fun 53 # pkg audit -qF -f /var/db/pkg/vuln.xml openssh-portable-9.7.p1_2,1